To my female readers, hold on a minute, I have to say something to my fellow men. Join me in just in a minute.
Men - I think there must be some confusion here about what security conferences are for. Last time I checked, security conferences were good for a number of things, including:
- Learning about new and exciting advances in the field
- Participating in a CTF
- Damaging your liver
- Meeting new people and reconnecting with old friends
It feels like this should go without saying, but what a security conference is not:
- A meat market
- A quick hookup point
- A match.com meetup
If you follow me on Twitter, you know I attend a lot of security conferences - and I'm a speaker at most the conferences I attend (so I usually see the speaker parties too). The conferences I attend are all over the map, from Blackhat to DEFCON to various BSides and SANS summits. The demographics at these conferences vary wildly from hacker types with green hair and poor hygiene (FFS, please follow the 3-2-1 rule) to more professional and polished DFIR types.
Over the last two years, I'm seeing more women attending conferences. This is GREAT for me personally - my daughter is almost 10 and is interested in STEM. She needs role models. She loves talking to women who are doing "cool computer things." Even Ray Charles isn't blind enough to claim there's no gender equality gap in infosec - the women coming to these conferences will help close that gap and make the industry better for all of us.
But they'll only do that if they feel safe and accepted. And I have to say that I am embarrassed at the behavior I see from my male counterparts at these conferences in their treatment of women. I don't know if it's as a result of more women being at conferences or I've just opened my eyes up to it, but I cannot believe how many seemingly professional guys go from totally cool to total douche in 10 seconds or less.
Guys, infosec conferences aren't a place to find the love of your life. Go use an online dating site for that. Stop mansplaining stuff to women too. Nobody likes that. I saw that happen last night at the TiaraCon party. For those that don't know, this is an event to promote diversity in infosec - making mansplaining there especially ironic.
Don't be touchy
The other thing that I see with a fair degree of regularity are men getting touchy at events - including the speaker events (where I somehow assume things would be somewhat more professional). I have never had a guy touch me to make a point in a conversation (and good thing, I'd f*%king lose my mind). But I see it all the time at these parties and events. And I guess some of my brethren are bad at reading people because all of the "stop f%#king touching me" visual queues are there.
At security conferences in the last year I have stepped in (or have been pulled in as an apparently safe person) on way too many occasions to defuse inappropriate and/or aggressive flirting. I've been asked to walk women back to hotels from parties (including speaker parties) because other attendees were making them feel unsafe. This has to stop. If men in infosec don't make women in infosec feel safe, we'll continue with the same problems we have today.
As we roll into the next two nights of nighttime hacker meetups - I mean drunken DEFCON parties - consider how your actions reflect the industry as a whole. If your mom would be ashamed of your behavior, go ahead and dial it back a few notches.
Women - thanks for hanging in there
Thanks for waiting while I took a minute to talk to my fellow men. Thank you for your contribution to infosec. Hang in there - the men who are inappropriately or aggressively flirting, etc. do not represent all of us. If you ever need someone safe to help you get to a taxi, hotel, etc., look for me and I'll be more than happy to help. If any of my Rendition Infosec employees are ever inappropriate with you, report it - if they're acting inappropriately they won't be employees anymore. I don't control anyone else's future, but I'll start with my small slice of the pie and I hope other employers in our industry will do the same.